October 12, 2007

AQ Breach Not 'Fatal'

Eli Lake at the New York Sun follows up today on the exposure of private efforts to penetrate al-Qaeda's global Internet network. An independent analytical group that has focused on AQ operations now says that the damage was not as bad as first thought:

One of the world's foremost authorities on Al Qaeda says that last month's compromise of the intelligence community's penetration of the terrorist group's Internet communication system was a serious blow, but that, ultimately, the damage was not fatal.

The head of the International Center for Political Violence and Terrorism Research at Singapore's Nanyang Technological University, Rohan Gunaratna, said in an interview yesterday that the damage done on September 7, when ABC News published online quotes from a transcript of Osama bin Laden's first speech in three years, was "reparable." But he also called it a "serious breach."

"This has happened from time to time," Mr. Gunaratna said. "Each time they suspect penetration of their password-protected sites and other communications, they take security measures to minimize exposure, but they always come back. Each time, however, they are more cautious."

This still leaves the possibility that both sides played games to shake up the status quo. AQ's network mavens know that Western agencies, both private and government, have gone hard after their systems. They may have wanted to check their own staffs to see whether someone decided to play the other side. On the other hand, the tape may have been deliberately exposed to make AQ scramble so that its necessary movement could be tracked, or, as I wrote earlier, to force AQ into relying on human couriers long enough to discover where senior AQ leadership have been hiding.

Pete Hoekstra takes a less optimistic view. The ranking member of the House Intelligence Committee told the Sun that Internet counterterrorism efforts have not received a high priority at Defense and the American intel agencies. Hoekstra called official action in this area "woefully weak," and except for a few freelancers at the Pentagon, much less effective than the private companies that have doggedly traced AQ networks.

As an example, Hoekstra asked for a transcript of the Osama video the day it hit broadcast news. It took over a day to get it, and even then, the transcript was classified. Hoekstra had to have his staff go to the Internet for a transcript he could legally reference when talking with reporters about the video.

If Hoekstra's correct, we need to press for a more robust Internet intel effort from the US. If that means developing resources within the agencies, then we should fund those resources immediately. If that means contracting with people like Rita Katz of SITE or others with the experience, talent, and wherewithal to do the job properly, Congress should start working on that solution. We cannot allow AQ to operate freely on the Internet that we created as an organizational and command tool to destroy us. Perhaps this breach wasn't fatal, but an inability to penetrate the AQ network will eventually prove literally fatal for Americans.

Comments (14)

Posted by coldwarrior415 | October 12, 2007 9:37 AM

Captain, once again a hot button issue for this old warrior.

Old habits and sinecures hold sway in our intelligence community, moreso after 9-11 than prior, all as a result of the 9-11 Commission and the knee-jerk reaction to the recommendations of that Commission.

The distinct line between what was acquired clandestinely and what was obtained from open sources was a problem on my watch, and has become more of a problem today. I had a number of reports from the field downgraded, despite their being unique, previously unknown, and substantiated, because I included "open source" material. I was told that open source was a State Department function and that I had to report solely on clandestinely obtained information. From what I have gathered in the intervening years, the same attitudes still hold.

Nonetheless, I and a number of my colleagues used RUMINT and OSINT as well as HUMINT successfully over the years, if not directly in our reporting at least in our ability to acquire tip-offs and trends and substantiation.

But, the real problem today is that the Intelligence Community since the 9-11 Commission has become awash in cash. The establishment of the ODNI is where most of that cash was diverted, and the Agency, as well as DIA, among others, was fleeced for warm bodies to fill newly established high-end GS slots at ODNI, new buildings have been built all along the Dulles Corridor, and billions have been wasted in the effort. Instead of focusing on new technologies, the ODNI has farmed out "open source" acquisitions to contractors, such as SITE, and academic institutions across the globe for things such as cruising the internet looking at the same things the jihadists and AQ are looking at.

Not a whole lot of promotions available for operations officers who sit at a desk and cruise the internet...that is a technical function, part of the Directorate of Administration, or something they do over on the analytical side of the house. Language skills are also lacking. Spoken Damascene or Cairene or Gulf Arabic is one thing, being able to read Arabic script in all its regional permutations is quite another. Farm it out instead of wasting time and money developing our own in house skill sets seems to be the current model.

Not a whole lot of Pashtun, Urdu, or other Central Asian linguists either in the Intel Community, even today. The current focus is on Chinese...looking toward the next war while farming out the current one.

As for damage, yes, this SITE leak did cause damage. And purposely or inadvertently we did cause AQ to change channels. I am a bit more removed from NSA these days, but it is my understanding they are doing a lot of traffic analysis in the ethernet, and applying skills toward known nodes, and developing understanding of other nodes that seem to spike or look out of place in the normal patterns of international voice and electronic communications. That said, once a commo channel is disrupted, such as following the SITE leak, AQ will have to re-establish commo among the same group of participants. Frequencies change, to use the old NSA intercept model, but channels do not normally change. The same people need to communicate both up and down the line in order for a group or entity such as AQ to function. Using traffic analysis and finding weak links in the commo chain can lead to a new and better grasp of an enemy's commo.

Hopefully, NSA is doing a far better job than the rest of the ODNI is, unless they are sidetracked by more imposition of 1977 rules in a 2007 environment by vocal opponents at large and in Congress who understand neither the sources nor methods utilized.

And, hopefully, someone in or under the ODNI is willing to think and act outside the box to enable a better in-house ability to do the same. If AQ and its rather educated cadre is facile on the internet, it is about time we, the Intel Community, should be equally facile and view the internet as a battle space and a force multiplier, and a means to thwart an enemy with a lot more vigor than we have thus far shown.

Posted by Maston | October 12, 2007 9:54 AM

Someone at the White House or DHS leaked the tape to Fox News. That leak should be stopped, irrespective of the fact the Fox is our friend.

Posted by David M | October 12, 2007 10:21 AM

Trackbacked by The Thunder Run - Web Reconnaissance for 10/12/2007
A short recon of what’s out there that might draw your attention, updated throughout the day...so check back often.

Posted by BB | October 12, 2007 10:54 AM

Do we not have a surfeit of destructive hackers in our own land? Perhaps we should recruit and or sentence such persons to engage this front?

Posted by LarryD | October 12, 2007 11:18 AM

Maybe not, Maston. Read this summary at Mudville Gazette.

But to buy SITE's version of events - that someone in the administration leaked news of Katz's email - requires one to ignore the fact ABC reported at 9:23 that "government intelligence sources" had the video and a transcript.

It takes time to write an article, even if all the information is spoon fed to you. Let's say it took only 20 minutes (hard to believe, but possible). ABC still had to have been tipped off before that. So we have to back this up to 9 am to begin writing and, what? 8:30 at the very latest for ABC to have been contacted and decide to write the article?

Also, now we know ABC posted the video before FoxNews. Sounds like they may have been the first to do so.

How likely is it that TWO leakers leaked the same story, on the same day, involving TWO copies of the video and TWO transcripts (one some time before 9:23 and one after Katz contacted Dan Fielding "around 10 am")?

That is the time of the original leak. And isn't it interesting that ABC had a link to the transcript up before Fox? That is what I couldn't establish yesterday.

Posted by coldwarrior415 | October 12, 2007 11:45 AM

BB,

I have it from a fairly reliable source that the Agency has been trying to do just that, not all that successfully though. Letting a fox alone in the henhouse, especially a fox whose previous activities were of a nature to call the attention of law enforcement, is not a particularly good way to conduct the business of national security affairs. If they can hack into BankOne, what is to prevent them from achieving the ultimate hack? That being hacking into intelligence circuits or inter-agency bigoted circuits to peruse or leave gifts?

Recruiting from outside and within our own ranks those who possess the mental acuity to be trained to be hackers seems a better route to take. But there is resistance to having young-blood hackers who in their prior incarnation were living in the basement swapping SSANs and corporate and government passwords being brought in to the Agency even as instructors.

But, BB, the gist of your suggestion is quite valid. My kid knows more about the internet and computers than I will ever know. I rely on him often. There should be a secure way to recruit from within that wide range of destructive hackers living in basements across America. I'd much prefer that than having to depend on farmed out contractors, domestic and foreign.

Posted by jerry | October 12, 2007 12:07 PM

Maston:

ABC News was the "leaking" news agency, not Fox. SITE open source intelligence is unclassified. Private organizations do not have the authority to classify information. Contractors working on classified data have a form DD 254 attached to their signed contract which authorizes them to receive classified and to classify information/data generated on the contract. If the data was owned by SITE then it is proprietary information/data and is protected under contract and privacy laws.

Your lack of knowledge about the handling and creation of classified material and your attempt to blame Fox indicates that you are most likely a moveon.org/Kos troll.

Posted by Maston | October 12, 2007 12:47 PM

The question is, who leaked it? Fox News and ABC News and probably others got the tape from someone inside the Administration. SITE seems to be doing good work that benefits the country in the fight against terrorist organizations, so why compromise their work?

Maybe the leaker was someone leaving the Administration who is looking to get into the news business.

Posted by coldwarrior415 | October 12, 2007 12:57 PM

Maston, your basic understanding of what constitutes classified information and what does not notwithstanding, your conjecture that someone in the Administration looking to get in the news business is, to be polite, somewhat shallow.

ANY member of any Administration in any capacity in policy planning and implementation, or involved in public affairs, can dictate a price for their being hired by a news organization. Using a purloined unclassified proprietary contractor document to gain favor in the hiring process would count against them, not in favor of them, in the eyes of even the most left-wing or right-wing legitimate news outfit.

If there was a "leak" as leaks are looked upon under current law, I suspect a staffer, of the Administration or the contractor, an ash-and-trash type, not a principal, who was offered a dangle of cash, to allow one news outfit to obtain a scoop over another.

Or, I would lean heavily to a dangle of this entire "leak" as a means to operationally verify the electronic chain of command of AQ in various parts of the world in order to confound their efforts or to establish a current electronic command and reporting chain on AQ.

Posted by richard miniter | October 12, 2007 2:21 PM

ED,

The intel work on the internet that you call for is already being done--it is contracted out because the CIA and DIA and so on have a number of privacy and other restrictions that do not apply to private-sector outfits. The privacy nuts have made it impossible for the feds to do it directly.

Thus, the White House leak of the Katz UBL video was very damaging. The SITE Institute was a unique resource which the agencies do not have on their own and now it is gone. At least for a while.

Posted by piscivorous | October 12, 2007 7:11 PM

In addition to it not being fatal, I wonder just what useful information the monitoring entities, both public and private, garnered from monitoring the shutdown. Some of the most interesting data garnered from disaster analysis is obtained from reverse engineering the disaster. Monitoring a system shutdown should provide some interesting data and actually shed some light on the extent of the network and how to attack it in the future. Perhaps the leak was more intelligence driven than people would have the public believe.

Posted by coldwarrior415 | October 12, 2007 7:26 PM

piscivorous, sshhhh! You are getting a bit too close to something that is working. :-)

You are very correct in the reverse engineering analysis of the shutdown. As the systems come back online, and they are, it is very enlightening.

Posted by Dawn | October 12, 2007 8:20 PM

Richard Miniter!

WOW!

Posted by Looking Glass | October 13, 2007 12:49 AM

The Jawa Report has a different take on the situation. Al Qaeda's Compromised Intranet & Our Compromised Intel?

A lovely bit from the article.

Noah Schachtman calls it "al Qaeda's Intranet". Other cybergeeks are calling it "Obelisk". I like to call it, "the part of the password protected forum where jihadis swap beheading videos before they post them to the regular password protected forums where wannabe jihadis view them."

Yes, it's that mundane.
